]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c3d560)
tests: add pcap logging tests 1848/head
authorVictor Julien <victor@inliniac.net>
Tue, 21 May 2024 07:51:01 +0000 (09:51 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 22 May 2024 18:18:57 +0000 (20:18 +0200)
tests/pcap-log-uncompressed-01/README.md [new file with mode: 0644] patch | blob
tests/pcap-log-uncompressed-01/suricata.yaml [new file with mode: 0644] patch | blob
tests/pcap-log-uncompressed-01/test.yaml [new file with mode: 0644] patch | blob
tests/pcap-log-uncompressed-02-multi/README.md [new file with mode: 0644] patch | blob
tests/pcap-log-uncompressed-02-multi/suricata.yaml [new file with mode: 0644] patch | blob
tests/pcap-log-uncompressed-02-multi/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/pcap-log-uncompressed-01/README.md b/tests/pcap-log-uncompressed-01/README.md
new file mode 100644 (file)
index 0000000..87ab1ba
--- /dev/null
+++ b/tests/pcap-log-uncompressed-01/README.md
@@ -0,0 +1 @@
+Test that Suricata will write 3 uncompressed pcap files.
diff --git a/tests/pcap-log-uncompressed-01/suricata.yaml b/tests/pcap-log-uncompressed-01/suricata.yaml
new file mode 100644 (file)
index 0000000..46f1084
--- /dev/null
+++ b/tests/pcap-log-uncompressed-01/suricata.yaml
@@ -0,0 +1,22 @@
+%YAML 1.1
+---
+
+outputs:
+  - pcap-log:
+      enabled: yes
+      filename: log.pcap
+      compression: none
+      mode: normal
+      limit: 4mb
+      ts-format: usec
+
+# Enable enging logging to JSON so we can verify it.
+logging:
+  outputs:
+    - console:
+        enabled: yes
+    - file:
+        enabled: yes
+        level: perf
+        filename: eve.json
+        type: json
diff --git a/tests/pcap-log-uncompressed-01/test.yaml b/tests/pcap-log-uncompressed-01/test.yaml
new file mode 100644 (file)
index 0000000..72ec392
--- /dev/null
+++ b/tests/pcap-log-uncompressed-01/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8
+      
+pcap: ../bug-2482-01/proxyCONNECT_443.pcap
+
+args:
+  - --runmode=single
+
+checks:
+    - shell:
+        args: find . -type f -name 'log.pcap.1523389*.*' | wc -l | xargs
+        expect: 3
diff --git a/tests/pcap-log-uncompressed-02-multi/README.md b/tests/pcap-log-uncompressed-02-multi/README.md
new file mode 100644 (file)
index 0000000..e87bbfd
--- /dev/null
+++ b/tests/pcap-log-uncompressed-02-multi/README.md
@@ -0,0 +1 @@
+Test that Suricata will write 3 uncompressed pcap files in multi mode.
diff --git a/tests/pcap-log-uncompressed-02-multi/suricata.yaml b/tests/pcap-log-uncompressed-02-multi/suricata.yaml
new file mode 100644 (file)
index 0000000..99dba94
--- /dev/null
+++ b/tests/pcap-log-uncompressed-02-multi/suricata.yaml
@@ -0,0 +1,22 @@
+%YAML 1.1
+---
+
+outputs:
+  - pcap-log:
+      enabled: yes
+      filename: log.pcap.%n-%t-%i
+      compression: none
+      mode: multi
+      limit: 4mb
+      ts-format: usec
+
+# Enable enging logging to JSON so we can verify it.
+logging:
+  outputs:
+    - console:
+        enabled: yes
+    - file:
+        enabled: yes
+        level: perf
+        filename: eve.json
+        type: json
diff --git a/tests/pcap-log-uncompressed-02-multi/test.yaml b/tests/pcap-log-uncompressed-02-multi/test.yaml
new file mode 100644 (file)
index 0000000..9d08102
--- /dev/null
+++ b/tests/pcap-log-uncompressed-02-multi/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8
+      
+pcap: ../bug-2482-01/proxyCONNECT_443.pcap
+
+args:
+  - --runmode=single
+
+checks:
+    - shell:
+        args: find . -type f -name 'log.pcap.1-1523389*.*-*' | wc -l | xargs
+        expect: 3
Mirror of https://github.com/OISF/suricata-verify.git